AES-NI Performance Analyzed; Limited To 32nm Core i5 CPUs

Is Intel’s AES-NI Support A Must-Have Feature?

Security is an important topic these days. However, it's typically only recognized as important by professionals. If security were to suddenly turn into a mainstream selling point, though, then perhaps it'd make more sense for companies like Intel to promote it.

The Advanced Encryption Standard (AES) has already been adopted by the United States government—including the NSA—along with many other institutions. Intel’s 32nm Clarkdale-based CPUs (only the Core i5-600-series, so far) now promise significant performance benefits for AES encryption and decryption via new instructions. Today we're looking at the real-world benefits of Intel's AES-NI functionality, comparing a dual-core Core i5-661 with AES New Instructions (AES-NI) to a quad-core Core i7-870, which lacks the new encryption acceleration capability.

Encryption is used much more intensively than you might suspect. Consider Internet sites that hold you sensitive personal information, or utilize sensitive data for transactions. They all use protocols like Transport Layer Security (TLS) or Secure Sockets Layer (SSL). VoIP, instant messaging, and email may also be protected with these protocols. Virtual Private Networks (VPNs) and electronic payments are other popular encryption applications.

However, TLS and SSL are cryptographic protocols for secure communication, while AES is a general-purpose encryption standard. It can be used to encrypt individual files, data containers, archive files, entire drives (including thumb drives), and even multi-drive volumes. AES can be implemented in software, and there are products based on hardware acceleration as well, since encryption/decryption represent a rather significant workload. Solutions like TrueCrypt or Microsoft’s BitLocker, which is part of Windows Vista and Windows 7 Ultimate, are capable of encrypting entire partitions on the fly.

Whether or not you have "sensitive" data on your system naturally depends on your definition of sensitive, as well as your personal comfort level. In addition, security always depends on the right strategy and diligence in handling important information. Vital bits of data, like your social security number or credit card data (including the ol' expiration date and security code), should never be left on a system in unencrypted plain text.

One thing is certain: it makes sense to be overly-cautious than the other way around, especially if the amount of effort required to protect yourself is minimal. Intel’s approach of adding AES acceleration to its hardware doesn't automatically mean AES-enabled apps suddenly see a speed-up (optimizations are still required). However, it is a solid first step in addressing the most popular encryption standard in hardware, and it will be, and it will be a notable value-add in that company's future 32nm desktop processors, though you might be surprised to learn that the feature isn't included in all of the Clarkdale-based chips launched last month.

Does AES-NI provide a significant performance gain in typical encryption scenarios, or is this mainly a marketing push? Let's put it to the test.